SlideShare une entreprise Scribd logo

RSAC2013 CME Group case study

Venafi
Venafi

Trust is the common denominator that differentiates industry leaders from their peers. Managed correctly encryption and certificate-based authentication provide the foundation of trust: security, privacy, authenticity, and compliance. Learn how CME Group is managing control over trust across their organization with enterprise key and certificate management. These slides were presented at the RSA Conference 2013 in San Francisco. The full presentation with audio is available at http://www.venafi.com/cme-group-case-study/.

BusinessTechnologie
1  sur  19
Télécharger pour lire hors ligne
MANAGING TRUST & RISK Bryan Green, CME Group
LEARNING OBJECTIVES ►  Building the Business Case for Trust ►  Building Trust ►  Maintaining Trust ►  Lessons learned and what you can do starting next week!
ABOUT CME GROUP ►  Worlds largest and most diverse futures exchange in the world. ►  CME Group is comprised of ►  Chicago Mercantile Exchange (CME) ►  Chicago Board of Trade (CBOT) ►  New York Mercantile Exchange (NYMEX) ►  Commodities Exchange (COMEX) ►  Where the world comes to manage risk
ABOUT CME GROUP ►  Highly Regulated Industry ►  Commodities Futures Trading Commission (CFTC) ►  Securities and Exchange Commission (SEC) ►  The Numbers ►  13.4 Million Average Daily Trades ►  3.4 Billion Contracts Traded in 2011 ►  Over $1 Quadrillion in Notational Value in 2011 ►  1 Quadrillion = 1000 Trillion
BUILDING THE BUSINESS CASE ►  Move to common authentication scheme ►  Replace PAC files ►  Replace RSA Tokens ►  Lower authentication TCO ►  Replace RSA Token after 2011 breach in trust ►  Bring security controls in house ►  Improve existing PKI assurance
BUIDLING TRUST ►  Build PKI with a high level of assurance ►  Secured with offline CAs ►  Secured with Hardware Security Modules ►  Secured with multi-party authentication
BUIDLING TRUST ►  Documented Processes ►  Audited ►  Enterprise Key and Certificate Management
MAINTAINING TRUST “Trust can take years to build, seconds to destroy, and forever to repair.” - Unknown
MAINTAINING TRUST ►  What can break trust? ►  Lax Access Controls ►  Who has access to your private keys? Are you sure? Can you prove it? ►  Antiquated Security Standards ►  Insecure hashing algorithms ►  Outdated Key Length
DEMO: POLICY ENFORCEMENT
DEMO: POLICY ENFORCEMENT ▶  https://ssl-tools.verisign.com/#csrValidator -----BEGIN NEW CERTIFICATE REQUEST----- MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2Fn bzESMBAGA1UEChMJQ01FIEdyb3VwMQ0wCwYDVQQLEwRFVFBBMSEwHwYJKoZIhvcNAQkBFhJub29u ZUBjbWVncm91cC5jb20xFTATBgNVBAMMDCouZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEAgAC6Fu1s3K+zwouWkxcnWISSeZ49bE9bMc916GU7rbX7dUR4OUCLMtTX6FGxeam8 Nnt9zd8F3RZjKN2LY7q8IMTKWZ42snuHhJ3Xr6CJ5Y8rX7/vuwCt2Os4DGM261lo6Bi9ns9eVDJE Rq6h055Tl0sDTVrLvIWQScTXkI6TNo0CAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBACSDXSv4fRlL 6l1v0qz3DQ89VHVtcMXkgRnNN2zL/EY6FJgumv2VKIBcvdB+ECNowWgdBOzBFjZOlvyux2jEBbO9 /vkojVwrG+xI4G1Zeh5vMLvbc3sD+NK50+aKYZ/Sq8sEyMFWxbzEk8Zi5nV/TO+jWFe+3cDpLKdh Yt1H4aQ+ -----END NEW CERTIFICATE REQUEST-----
POLICY ENFORCEMENT: EVEN BETER
POLICY ENFORCEMENT: EVEN BETER Set central policies to eliminate errors, mistakes, guesswork, audit violations, and much worse
MAINTAINING TRUST ►  What can break trust? ►  Poor Key and Certificate Management ►  Expired Certificates ►  Certificate CN mismatches.
MAINTAINING TRUST ►  Don’t let this be you!
LESSONS LEARNED What We Didn’t Know ►  Level of required processes ►  Documentation ►  Key Transport ►  Cross Organizational Engagement Creates Trust ►  Trust Creates Demand
LESSONS LEARNED How Our Process is Changing ►  Built-in ►  Policy enforcement ►  Visibility & tracking ►  Support many, many different use cases ►  Devices ►  Encryption v. authentication ►  When to use Internal v. Hosted PKI ►  Less reliance on hosted PKI
LESSONS LEARNED What’s next for CME Group ►  Figuring out what we have ►  Venafi Director for Internal and External Inventory Scans ►  Prioritizing demand ►  With limited PKI SMEs we have to prioritize. ►  Internal Education ►  PKI is voodoo! ►  Automate, automate, automate! ►  Policy Enforcement ►  Enrollment ►  Self Service
LESSONS LEARNED What’s next for Your Organization? ►  Today ►  Do you have an internal PKI? ►  What is the current state of your PKI? ►  3 Months ►  Plan for certificate based encryption and authentication ►  Develop your business case! ►  6 Months ►  Budget money ►  Budget time ►  Engage SMEs for help. If you don’t get it right the first time, there can’t be any trust!

Recommandé

CILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth FederationCILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth Federationjbasney
 
Secure content caching
Secure content cachingSecure content caching
Secure content cachingVarnish Software
 
Introduction to Security Vulnerabilities
Introduction to Security VulnerabilitiesIntroduction to Security Vulnerabilities
Introduction to Security VulnerabilitiesvodQA
 
Protecting Java Microservices: Best Practices and Strategies
Protecting Java Microservices: Best Practices and StrategiesProtecting Java Microservices: Best Practices and Strategies
Protecting Java Microservices: Best Practices and StrategiesRodrigo Cândido da Silva
 
Trust Online is at the Breaking Point
Trust Online is at the Breaking PointTrust Online is at the Breaking Point
Trust Online is at the Breaking PointVenafi
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflameVenafi
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Venafi
 
Præsentation Greenland Hostels
Præsentation Greenland HostelsPræsentation Greenland Hostels
Præsentation Greenland HostelsJohn Harry Enggaard
 

Recommandé

CILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth FederationCILogon & SciTokens: OIDC/OAuth Federation
CILogon & SciTokens: OIDC/OAuth Federationjbasney
 
Secure content caching
Secure content cachingSecure content caching
Secure content cachingVarnish Software
 
Introduction to Security Vulnerabilities
Introduction to Security VulnerabilitiesIntroduction to Security Vulnerabilities
Introduction to Security VulnerabilitiesvodQA
 
Protecting Java Microservices: Best Practices and Strategies
Protecting Java Microservices: Best Practices and StrategiesProtecting Java Microservices: Best Practices and Strategies
Protecting Java Microservices: Best Practices and StrategiesRodrigo Cândido da Silva
 
Trust Online is at the Breaking Point
Trust Online is at the Breaking PointTrust Online is at the Breaking Point
Trust Online is at the Breaking PointVenafi
 
What is-flame-miniflame
What is-flame-miniflameWhat is-flame-miniflame
What is-flame-miniflameVenafi
 
Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Four Must Know Certificate and Key Management Threats That Can Bring Down You...
Four Must Know Certificate and Key Management Threats That Can Bring Down You...Venafi
 
Præsentation Greenland Hostels
Præsentation Greenland HostelsPræsentation Greenland Hostels
Præsentation Greenland HostelsJohn Harry Enggaard
 
Tech t18
Tech t18Tech t18
Tech t18SelectedPresentations
 
Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebCASCouncil
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityEvernym
 
Build and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityBuild and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityT.Rob Wyatt
 
Public, private and hybrid blockchains: what makes sense where
Public, private and hybrid blockchains: what makes sense wherePublic, private and hybrid blockchains: what makes sense where
Public, private and hybrid blockchains: what makes sense whereEY
 
Sect f41
Sect f41Sect f41
Sect f41SelectedPresentations
 
Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...Keynectis
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksVenafi
 
Rothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionRothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionBen Rothke
 
Why You Need Compliance Before Series A Funding with Weaver
Why You Need Compliance Before Series A Funding with WeaverWhy You Need Compliance Before Series A Funding with Weaver
Why You Need Compliance Before Series A Funding with Weaversaastr
 
Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through SecurityEnergySec
 
Offer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteOffer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteKeynectis
 
How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?Keynectis
 
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...Peter LaFond
 
Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?ITU
 
When agile meets governance, risk and compliance (GRC)
When agile meets governance, risk and compliance (GRC)When agile meets governance, risk and compliance (GRC)
When agile meets governance, risk and compliance (GRC)Agile ME
 
Pci compliance overview earth link business
Pci compliance overview earth link businessPci compliance overview earth link business
Pci compliance overview earth link businessMike Shelah
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Ray Bugg
 
William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...centralohioissa
 
What makes a successful SSI strategy?
What makes a successful SSI strategy?What makes a successful SSI strategy?
What makes a successful SSI strategy?Evernym
 
Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?Venafi
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?Venafi
 

Contenu connexe

Similaire à RSAC2013 CME Group case study

Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebCASCouncil
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityEvernym
 
Build and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityBuild and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityT.Rob Wyatt
 
Public, private and hybrid blockchains: what makes sense where
Public, private and hybrid blockchains: what makes sense wherePublic, private and hybrid blockchains: what makes sense where
Public, private and hybrid blockchains: what makes sense whereEY
 
Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...Keynectis
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksVenafi
 
Rothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionRothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionBen Rothke
 
Why You Need Compliance Before Series A Funding with Weaver
Why You Need Compliance Before Series A Funding with WeaverWhy You Need Compliance Before Series A Funding with Weaver
Why You Need Compliance Before Series A Funding with Weaversaastr
 
Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through SecurityEnergySec
 
Offer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteOffer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteKeynectis
 
How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?Keynectis
 
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...Peter LaFond
 
Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?ITU
 
When agile meets governance, risk and compliance (GRC)
When agile meets governance, risk and compliance (GRC)When agile meets governance, risk and compliance (GRC)
When agile meets governance, risk and compliance (GRC)Agile ME
 
Pci compliance overview earth link business
Pci compliance overview earth link businessPci compliance overview earth link business
Pci compliance overview earth link businessMike Shelah
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Ray Bugg
 
William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...centralohioissa
 
What makes a successful SSI strategy?
What makes a successful SSI strategy?What makes a successful SSI strategy?
What makes a successful SSI strategy?Evernym
 

Similaire à RSAC2013 CME Group case study (20)

Tech t18
Tech t18Tech t18
Tech t18
 
Alternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure WebAlternatives to Certificate Authorities for a Secure Web
Alternatives to Certificate Authorities for a Secure Web
 
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign IdentityThe Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
The Future of Authentication - Verifiable Credentials / Self-Sovereign Identity
 
Build and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of MediocrityBuild and Operate Your Own Certificate Management Center of Mediocrity
Build and Operate Your Own Certificate Management Center of Mediocrity
 
Public, private and hybrid blockchains: what makes sense where
Public, private and hybrid blockchains: what makes sense wherePublic, private and hybrid blockchains: what makes sense where
Public, private and hybrid blockchains: what makes sense where
 
Sect f41
Sect f41Sect f41
Sect f41
 
Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...Why and how to implement strong authentication on the web cartes 2010 - pat...
Why and how to implement strong authentication on the web cartes 2010 - pat...
 
Ponemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and AttacksPonemon - Cost of Failed Trust: Threats and Attacks
Ponemon - Cost of Failed Trust: Threats and Attacks
 
Rothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryptionRothke rsa 2013 - deployment strategies for effective encryption
Rothke rsa 2013 - deployment strategies for effective encryption
 
Why You Need Compliance Before Series A Funding with Weaver
Why You Need Compliance Before Series A Funding with WeaverWhy You Need Compliance Before Series A Funding with Weaver
Why You Need Compliance Before Series A Funding with Weaver
 
Achieving Compliance Through Security
Achieving Compliance Through SecurityAchieving Compliance Through Security
Achieving Compliance Through Security
 
Offer a trustworthy environment on your web site
Offer a trustworthy environment on your web siteOffer a trustworthy environment on your web site
Offer a trustworthy environment on your web site
 
How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?How to offer a trustworhty environment on the web?
How to offer a trustworhty environment on the web?
 
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
 
Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?Blockchains : Risk or Mitigation?
Blockchains : Risk or Mitigation?
 
When agile meets governance, risk and compliance (GRC)
When agile meets governance, risk and compliance (GRC)When agile meets governance, risk and compliance (GRC)
When agile meets governance, risk and compliance (GRC)
 
Pci compliance overview earth link business
Pci compliance overview earth link businessPci compliance overview earth link business
Pci compliance overview earth link business
 
Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)Scot Secure 2019 Edinburgh (Day 2)
Scot Secure 2019 Edinburgh (Day 2)
 
William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...William Diederich - Security Certifications: Are They Worth the Investment? A...
William Diederich - Security Certifications: Are They Worth the Investment? A...
 
What makes a successful SSI strategy?
What makes a successful SSI strategy?What makes a successful SSI strategy?
What makes a successful SSI strategy?
 

Plus de Venafi

Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?Venafi
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?Venafi
 
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...Venafi
 
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersVenafi
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsVenafi
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA GraphicVenafi
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSAVenafi
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber AttacksVenafi
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersVenafi
 

Plus de Venafi (9)

Where Are My SSH Keys?
Where Are My SSH Keys?Where Are My SSH Keys?
Where Are My SSH Keys?
 
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?When a Certificate Authority Fails, How Quickly Can You Restore Trust?
When a Certificate Authority Fails, How Quickly Can You Restore Trust?
 
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
SANS 20 Critical Security Control 17 Requirements for SSL/TLS Security and Ma...
 
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose CustomersPonemon Report: When Trust Online Breaks, Businesses Lose Customers
Ponemon Report: When Trust Online Breaks, Businesses Lose Customers
 
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security ControlsHow an Attack by a Cyber-espionage Operator Bypassed Security Controls
How an Attack by a Cyber-espionage Operator Bypassed Security Controls
 
Breaching the NSA Graphic
Breaching the NSA GraphicBreaching the NSA Graphic
Breaching the NSA Graphic
 
Breaching the NSA
Breaching the NSABreaching the NSA
Breaching the NSA
 
The Evolution of Cyber Attacks
The Evolution of Cyber AttacksThe Evolution of Cyber Attacks
The Evolution of Cyber Attacks
 
Five Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption DisastersFive Must Haves to Prevent Encryption Disasters
Five Must Haves to Prevent Encryption Disasters
 

Dernier

Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Anamaria Contreras
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...ShrutiBose4
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfrichard876048
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024Matteo Carbone
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 

Dernier (20)

Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.Traction part 2 - EOS Model JAX Bridges.
Traction part 2 - EOS Model JAX Bridges.
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)Japan IT Week 2024 Brochure by 47Billion (English)
Japan IT Week 2024 Brochure by 47Billion (English)
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
 
Innovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdfInnovation Conference 5th March 2024.pdf
Innovation Conference 5th March 2024.pdf
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCREnjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
Enjoy ➥8448380779▻ Call Girls In Sector 18 Noida Escorts Delhi NCR
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024IoT Insurance Observatory: summary 2024
IoT Insurance Observatory: summary 2024
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 

RSAC2013 CME Group case study

  • 1. MANAGING TRUST & RISK Bryan Green, CME Group
  • 2. LEARNING OBJECTIVES ►  Building the Business Case for Trust ►  Building Trust ►  Maintaining Trust ►  Lessons learned and what you can do starting next week!
  • 3. ABOUT CME GROUP ►  Worlds largest and most diverse futures exchange in the world. ►  CME Group is comprised of ►  Chicago Mercantile Exchange (CME) ►  Chicago Board of Trade (CBOT) ►  New York Mercantile Exchange (NYMEX) ►  Commodities Exchange (COMEX) ►  Where the world comes to manage risk
  • 4. ABOUT CME GROUP ►  Highly Regulated Industry ►  Commodities Futures Trading Commission (CFTC) ►  Securities and Exchange Commission (SEC) ►  The Numbers ►  13.4 Million Average Daily Trades ►  3.4 Billion Contracts Traded in 2011 ►  Over $1 Quadrillion in Notational Value in 2011 ►  1 Quadrillion = 1000 Trillion
  • 5. BUILDING THE BUSINESS CASE ►  Move to common authentication scheme ►  Replace PAC files ►  Replace RSA Tokens ►  Lower authentication TCO ►  Replace RSA Token after 2011 breach in trust ►  Bring security controls in house ►  Improve existing PKI assurance
  • 6. BUIDLING TRUST ►  Build PKI with a high level of assurance ►  Secured with offline CAs ►  Secured with Hardware Security Modules ►  Secured with multi-party authentication
  • 7. BUIDLING TRUST ►  Documented Processes ►  Audited ►  Enterprise Key and Certificate Management
  • 8. MAINTAINING TRUST “Trust can take years to build, seconds to destroy, and forever to repair.” - Unknown
  • 9. MAINTAINING TRUST ►  What can break trust? ►  Lax Access Controls ►  Who has access to your private keys? Are you sure? Can you prove it? ►  Antiquated Security Standards ►  Insecure hashing algorithms ►  Outdated Key Length
  • 11. DEMO: POLICY ENFORCEMENT ▶  https://ssl-tools.verisign.com/#csrValidator -----BEGIN NEW CERTIFICATE REQUEST----- MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJJTDEQMA4GA1UEBxMHQ2hpY2Fn bzESMBAGA1UEChMJQ01FIEdyb3VwMQ0wCwYDVQQLEwRFVFBBMSEwHwYJKoZIhvcNAQkBFhJub29u ZUBjbWVncm91cC5jb20xFTATBgNVBAMMDCouZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEAgAC6Fu1s3K+zwouWkxcnWISSeZ49bE9bMc916GU7rbX7dUR4OUCLMtTX6FGxeam8 Nnt9zd8F3RZjKN2LY7q8IMTKWZ42snuHhJ3Xr6CJ5Y8rX7/vuwCt2Os4DGM261lo6Bi9ns9eVDJE Rq6h055Tl0sDTVrLvIWQScTXkI6TNo0CAwEAAaAAMA0GCSqGSIb3DQEBBAUAA4GBACSDXSv4fRlL 6l1v0qz3DQ89VHVtcMXkgRnNN2zL/EY6FJgumv2VKIBcvdB+ECNowWgdBOzBFjZOlvyux2jEBbO9 /vkojVwrG+xI4G1Zeh5vMLvbc3sD+NK50+aKYZ/Sq8sEyMFWxbzEk8Zi5nV/TO+jWFe+3cDpLKdh Yt1H4aQ+ -----END NEW CERTIFICATE REQUEST-----
  • 13. POLICY ENFORCEMENT: EVEN BETER Set central policies to eliminate errors, mistakes, guesswork, audit violations, and much worse
  • 14. MAINTAINING TRUST ►  What can break trust? ►  Poor Key and Certificate Management ►  Expired Certificates ►  Certificate CN mismatches.
  • 16. LESSONS LEARNED What We Didn’t Know ►  Level of required processes ►  Documentation ►  Key Transport ►  Cross Organizational Engagement Creates Trust ►  Trust Creates Demand
  • 17. LESSONS LEARNED How Our Process is Changing ►  Built-in ►  Policy enforcement ►  Visibility & tracking ►  Support many, many different use cases ►  Devices ►  Encryption v. authentication ►  When to use Internal v. Hosted PKI ►  Less reliance on hosted PKI
  • 18. LESSONS LEARNED What’s next for CME Group ►  Figuring out what we have ►  Venafi Director for Internal and External Inventory Scans ►  Prioritizing demand ►  With limited PKI SMEs we have to prioritize. ►  Internal Education ►  PKI is voodoo! ►  Automate, automate, automate! ►  Policy Enforcement ►  Enrollment ►  Self Service
  • 19. LESSONS LEARNED What’s next for Your Organization? ►  Today ►  Do you have an internal PKI? ►  What is the current state of your PKI? ►  3 Months ►  Plan for certificate based encryption and authentication ►  Develop your business case! ►  6 Months ►  Budget money ►  Budget time ►  Engage SMEs for help. If you don’t get it right the first time, there can’t be any trust!